If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Manual exploitation

Greetings again.

As you may know, I am attempting to rise above the level of script kiddie knowledge of backtrack, metasploit, and indeed hacking.

my current roadblock is I believe, privilege escalation. I am working on a vulnerable vm where I have gained user level privileges. I have researched possible vulnerabilities and exploit code. Problem: I have always used metasploit to deliver code. I have no idea how to manually exploit a service or cause a desirable condition. Also, I don't understand the source code so I can understand it and what it does, how to use it to exploit the vulnerability.

I have done some research, I am reading the Wikipedia article on shellcode (dont laugh) and it states:

"Injecting the shellcode is often done by storing the shellcode in data sent over the network to the vulnerable process, by supplying it in a file that is read by the vulnerable process or through the command line or environment in the case of local exploits."

I take this to mean injecting the code into packets that are read by a vulnerable application and the code is executed(remote exploit?), or the same through a file(how do I get the file on the system?), or somehow causing the required condition on the local machine. (how?)

Re: Manual exploitation

There are also a ton of other resources on the internet that can help with this subject. There are also a ton of threads on this forum that could help point you in the right direction if you take the time to do some searching.